Carpenter v. United States – What future for digital privacy?

On November 29th, 2017, the Supreme Court will hear Carpenter v. United States and decide whether the government violates the Fourth Amendment when it accesses a third party’s record of an individual’s cell phone location without a warrant.

Carpenter was a 2011 case where the defendant was convicted of a series of interstate robberies based on his phone location data, also known as cell-site-location information (CSLI). CSLI is maintained by wireless carriers and is a record of the cell towers our phones connect to every time we transmit calls, texts, emails, or any other digital information. It usually includes the precise geolocation of each tower as well as the day and time the phone tried to connect to it. The government obtained CSLI under the Stored Communications Act (SCA), a 1986 federal statute which provides that a “governmental entity may require a provider of electronic communication service or remote computing service to disclose” records using either a warrant, or, as in Carpenter, using a court order issued “if the governmental entity offers specific and articulable facts showing that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation.”

Stated differently, the real question is to what extent does the SCA allow the government to obtain CSLI without a warrant? Or to put it more bluntly, is the SCA unconstitutional?

The third-party doctrine originated in Smith v. Maryland, a 1979 case in which the Supreme Court found that installing and using a pen register to record a phone user’s dialed numbers was not an illegal search and didn’t merit Fourth Amendment protections. According to the Smith court, although the contents of our phone conversations are protected, information about the sender or receiver is not, since they willingly disclose that information to the phone company every time they place a call. Following this logic, the Sixth Circuit first found that the third-party doctrine also authorizes the government to access CSLI as “business records” directly from a cell phone company without a warrant. Additionally, it found that when a person uses their cell phone, they should be aware that their location data is shared with the service provider and should not have any “reasonable expectation of privacy” with respect to that data.

Although Carpenter is about users’ cell locations information, the principle at issue spans over other aspects of our digital privacy, given all the data we now share with third parties through the use of smartphones, wifi hotspots, apps, and cloud-based services. As Justice Sotomayor highlighted in her United States v. Jones concurrence, whatever our current societal expectations of privacy are, our citizenry can “attain constitutionally protected status only if our Fourth Amendment jurisprudence ceases to treat secrecy as a prerequisite for privacy.”

Whether Carpenter is affirmed or overruled, the court discourse will likely revolve around the impracticability of the “third-party doctrine” in the digital age. Does sharing with one mean sharing with many? It is tempting to recommend that the court abandons the “third party” doctrine, but that may be over simplistic. If the court choose to modify it, then where should the line be drawn? should there be a difference between information voluntarily conveyed to a third party or stored on the cloud? There is also a time component to this issue. How long is continuous tracking too long? All these questions, a priori theoretical will be fundamental to the future of our privacy.